[comment]: # ({a429c249-1d523b6c})
# 1 HTTP

[comment]: # ({/a429c249-1d523b6c})

[comment]: # ({91c8a92a-e5bdba8c})
#### Overview

HTTP or web server-based [authentication](/manual/web_interface/frontend_sections/users/authentication) 
(for example: BasicAuthentication, NTLM/Kerberos) can be used to check user names and
passwords. Note that a user must exist in Zabbix as well, however its
Zabbix password will not be used.

::: noteimportant
Be careful! Make sure that web server
authentication is configured and works properly before switching it
on.
:::

HTTP authentication can be disabled in the frontend by configuring the corresponding option on the *HTTP settings* tab in the [*Users > Authentication*](/manual/web_interface/frontend_sections/users/authentication) section. When HTTP authentication is disabled, the tab with HTTP authentication options will not be displayed in the frontend. Note that reinstalling the frontend (running setup.php) will reset authentication settings, including HTTP authentication configuration.

[comment]: # ({/91c8a92a-e5bdba8c})

[comment]: # ({de0c6768-7677c7bc})

#### Configuration

![](../../../../../../assets/en/manual/web_interface/frontend_sections/administration/auth_http.png){width="600"}

Configuration parameters:

|Parameter|Description|
|--|--------|
|*Enable HTTP authentication*|Mark the checkbox to enable HTTP authentication. Hovering the mouse over ![](../../../../../../assets/en/manual/web_interface/frontend_sections/administration/auth_http_2.png) will bring up a hint box warning that in the case of web server authentication, all users (even with [frontend access](/manual/config/users_and_usergroups/usergroup#configuration) set to LDAP/Internal) will be authenticated by the web server, not by Zabbix.|
|*Default login form*|Specify whether to direct non-authenticated users to:<br>**Zabbix login form** - standard Zabbix login page.<br>**HTTP login form** - HTTP login page.<br>It is recommended to enable web-server based authentication for the `index_http.php` page only. If *Default login form* is set to 'HTTP login page' the user will be logged in automatically if web server authentication module will set valid user login in the `$_SERVER` variable.<br>Supported `$_SERVER` keys are `PHP_AUTH_USER`, `REMOTE_USER`, `AUTH_USER`.|
|*Remove domain name*|A comma-delimited list of domain names that should be removed from the username.<br>E.g. `comp,any` - if username is 'Admin\@any', 'comp\\Admin', user will be logged in as 'Admin'; if username is 'notacompany\\Admin', login will be denied.|
|*Case-sensitive login*|Unmark the checkbox to disable case-sensitive login for usernames (enabled by default).<br>Disabling case-sensitive login allows, for example, to log in as "admin" even if the Zabbix user is "Admin" or "ADMIN".<br>Please note that if case-sensitive login is disabled and there are multiple Zabbix users with similar usernames (e.g., Admin and admin), the login for those users will always be denied with the following error message: "Authentication failed: supplied credentials are not unique."|

::: notetip
For internal users who are unable to log in using HTTP
credentials (with HTTP login form set as default) leading to the 401
error, you may want to add a `ErrorDocument 401 /index.php?form=default`
line to basic authentication directives, which will redirect to the
regular Zabbix login form.
:::

[comment]: # ({/de0c6768-7677c7bc})